{"updated":"2025-01-20T01:29:27.455754+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00189787","sets":["1164:1579:9341:9500"]},"path":["9500"],"owner":"11","recid":"189787","title":["テイント追跡手法SWIFTによるディレクトリトラバーサルの検出"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-06-07"},"_buckets":{"deposit":"118c823a-cde3-47b8-a631-dd85dbb266bb"},"_deposit":{"id":"189787","pid":{"type":"depid","value":"189787","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"テイント追跡手法SWIFTによるディレクトリトラバーサルの検出","author_link":["432846","432850","432849","432844","432848","432847","432851","432845"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"テイント追跡手法SWIFTによるディレクトリトラバーサルの検出"},{"subitem_title":"Detecting Directory Traversal using String Wise Information Tracking","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"セキュリティ・ディペンダビリティ","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2018-06-07","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"},{"subitem_text_value":"東京大学"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/189787/files/IPSJ-ARC18231021.pdf","label":"IPSJ-ARC18231021.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-ARC18231021.pdf","filesize":[{"value":"455.6 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"16"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"899835d5-3fbe-443e-9dbb-e0d572671231","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"田仲, 史周"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"宮永, 瑞紀"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"入江, 英嗣"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"坂井, 修一"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Fumichika, Tanaka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mizuki, Miyanaga","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hidetsugu, Irie","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shuichi, Sakai","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10096105","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8574","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"コンテンツ管理システム (CMS) の利用増加などによりインジェクションアタックヘの対策が重要になっている．インジェクションアタックに対する一般的な対策は既知のアタックをデータベース化して入力と照合する事で侵入を検知するものであるが，未知のコードによる攻撃を検出しにくい欠点がある．攻撃コードの既知　/　未知に関わらず包括的なインジェクションアタック検出を可能とする手法として，SWIFT (String Wise Information Tracking) が研究されている．これは，外部入力の文字列がその後どのように使わるかをチェックすることで，攻撃成立の前に実行を停止させる手法である．SWIFT の実証実装 PHP-SWIFT では最新の SQL インジェクション攻撃をデータベース無しで検出できることが確認されているが，この検出部は SQL インジェクションのみをターゲットとしていた．本研究では，他の性質を持つ主要なインジェクション攻撃としてディレクトリトラバーサル攻撃に着目し，PHP-SWIFT 用に同様に検出部を提案する．この拡張によって SWIFT-PHP の実用可能範囲を広げると共に，更に包括的な攻撃検出に向けたフレームワークを開発する．Wordpress プラグインの脆弱性を対象としたディレクトリトラバーサル攻撃を再現し行った評価では，用意した全ての攻撃を検出する事に成功した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告システム・アーキテクチャ（ARC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2018-06-07","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"21","bibliographicVolumeNumber":"2018-ARC-231"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:55:47.767484+00:00","id":189787,"links":{}}